1 hour 41 minutes
Hey, guys, welcome back to the Cyber Kill Chain course. And sadly, this is other turned name. And today we're covering
action on objectives.
Okay, so we reach the end,
the goal of the attack.
Now that we've finished our successful reconnaissance, successful weaponization, successful delivery, successful
and then went through a
textbook example of command and control,
now at the
attacker went through the environment. However, so far he did not get a single thing. Nothing.
The only thing that he can say now is he was able to hack this or that company. But he does not even have pervaded that.
So now he must action on objective.
The action on objective:
in the action on objectives, the attacker performs
the steps to achieve that goal. So basically, going through six steps is to achieve the action on objective.
The attacker is in the network. He has connectivity. Now he needs to get
basically the payment ist it easy, login data, account information, any other sensitive information
grass. Um, the whole metric and hope people would pay for that.
That's action on objective.
This step, by the way, might take months
it's because the attacker tries to be
less noisy as possible. So he's trying to take a 1,000,000,000,000 steps without being detected.
He needs to be silent,
so that's why it takes a lot of time
And during that time, he needs again communication, which is command and control.
So action objective is kind of the goal.
Let's go back to our example.
I'm not sure if you guys noticed one thing when I displayed the picture.
There's one thing
kind of caught my eye.
Basically, the machine
antivirus. Nothing.
It's not showing the other thing. It's a laptop, which means it's portable. So basically, these are the kind of things that someone would look into. So because it's a laptop, it's portable. There's a lot of data stored on the laptop because he needs to access it even when he's away from the office. So
let's go back to the
machine itself and
and start with
going to the desktop,
cause a lot of people would save some day
stop. Okay, I need to put CD
go to desktop
and then we're going
Look what kind of things
on the desktop.
So this might seem interesting.
Obviously, in a real-life situation it would not be as easy as this. However, a folder on the desktop is called Crown Jewels.txt.
And I know in reality this would never happen.
But why not?
So let's open the file and see what kind of information is,
it's not really a
Linux machine, so I cannot
So it's a less
to start T X c.
Okay. So again, I'm sorry about that. I thought for some reason when you use Linux,
less is one of the things that you
get used to. So I'm showing the Crown Jewels.txt and it says Crown Jewels. Obviously, this is just a capture-the-flag kind of situation where it was extremely obvious.
But there you go. You want to go through the
Oh, the attacker would go through the machine file by file until he reaches his
That he started this for again. Don't forget that I still have all of these options that I can't run. I can't record the mike again. It's a laptop. If I won a bike when there and
they Ah, when they are in the meeting or something like that, I would be able to get more information that I hoped for.
And you can terminate processes. You can basically clear the event logs. Obviously, a lot of hackers would do that before they leave.
And there's a lot of capabilities that you can do that. Don't forget that.
We covered the final step of the Cyber Kill Chain. What is the main purpose of the action on objective?
So, as I said now, then through the takes,
the action required to achieve that goal
getting the data that he wants: credit card information, payment ist ity, any other
possibility. There's a limitless number of possibilities of objectives that a hacker might have. It might be just destructive, where he destroys the whole systems and leaves. It can be a ransomware kind of thing, so it depends on the objective.
So we have a number of true-or-falses here. The first one is: action on objective can be done quickly and shouldn't take too long.
That's actually not true. As I said, you have to be, the attacker has to be, as quiet as possible during action on objective because you don't want to be discovered. You want to take your time. Now that you're beyond any security system or any capabilities for them to discover you, you want to be as quiet as possible. Take your time.
everything that you can to explore and then action on your objective.
Second, hackers use actions on objective
to erase any log and leave
and other contain. That's one usually the last phase. We're basically action objective. And then there is a love your large on leave,
however, and this Africa LTE it's usually Ah,
not something that they pay attention to, erasing the logs, because it's kind of the action on objective. Well, he got the goal regardless if they discovered him or not
after the fact
he achieved his objective.
However, it's usually a good idea for an attacker to erase any logs before leaving the environment.
Finally, action on objective is the goal of the attack,
and that's actually true because,
well, we said the first six steps are for me to reach that goal, to reach basically the capability to get my objective out of the whole attack.
Okay, so we today we covered action on objectives.
We covered the full Cyber Kill Chain. We went through three reconnaissance
We just covered action on objectives.
And the next video, we're going to use the Cyber Kill Chain to design
a defense in depth model for a corporate or a company.
Thank you so much. And I see you then.